Duqu infiltrates Iranian networks

Trent Nouveau, 14th November 2011

Iran has confirmed that a number of computer networks in the country have been infected by the Duqu trojan, an enigmatic piece of malware based on Stuxnet.

The relatively new trojan - which exploits a flaw in a Windows font-parsing engine - has been detected in various countries over the past few weeks, including France, Britain and India.

"The software to control the (Duqu) virus has been developed and made available to organizations and corporations in Iran," Brigadier General Gholamreza Jalali told the government-controlled IRNA news agency.

"The elimination (process) was carried out and the organizations penetrated by the virus are under control. The cyber defense unit works day and night to combat cyber attacks and spy (computer) virus."

Although Duqu is similar to Stuxnet, the latest malware variant is coded to collect intelligence data that could be used to launch attacks against industrial and nuclear control systems.

In contrast, Stuxnet seems to have been programmed to actively damage industrial control systems and likely destroyed multiple Iranian centrifuges used to enrich uranium.

Tehran blamed the United States and Israel for the original Stuxnet virus, claiming the malware had deliberately targeted systems associated with Iran's nuclear program - which the IAEA believes may be engaged in "activities relevant to the development of a nuclear explosive device."

Iran has dismissed the recent IAEA assessment, terming it politicized and full of "lousy" intelligence work.